GB2509454A - Monitoring system for monitoring unauthorized access points, monitoring server, method and program - Google Patents

Info

Publication number
GB2509454A
Authority
GB
United Kingdom
Prior art keywords
access point
terminal
pseudo
unauthorized access
information
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
GB1406704.5A
Other versions
GB201406704D0 (en)
GB2509454B (en)
Inventor
Shinkichi Hamada
Yukihiro Murakami
Yayoi Fujiwara
Yasutaka Nishimura
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
International Business Machines Corp
Original Assignee
International Business Machines Corp

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W12/00 Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/12 Detection or prevention of fraud
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W12/00 Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/08 Access security
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/10 Network architectures or network communication protocols for network security for controlling access to devices or network resources
    • H04L63/102 Entity profiles
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W12/00 Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/12 Detection or prevention of fraud
    • H04W12/121 Wireless intrusion detection systems [WIDS]; Wireless intrusion prevention systems [WIPS]
    • H04W12/122 Counter-measures against attacks; Protection against rogue devices
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W12/00 Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/12 Detection or prevention of fraud
    • H04W12/126 Anti-theft arrangements, e.g. protection against subscriber identity module [SIM] cloning
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W24/00 Supervisory, monitoring or testing arrangements
    • H04W24/08 Testing, supervising or monitoring using real traffic
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W88/00 Devices specially adapted for wireless communication networks, e.g. terminals, base stations or access point devices
    • H04W88/08 Access point devices
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W88/00 Devices specially adapted for wireless communication networks, e.g. terminals, base stations or access point devices
    • H04W88/18 Service support devices; Network management devices

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Mobile Radio Communication Systems (AREA)

Abstract

In order to provide a monitoring system, a monitoring server, and a method and a program for effectively inhibiting wireless communications by unauthorized access points when such access points are configured, provided is a monitoring system which includes a monitoring server for monitoring unauthorized access points and multiple terminal devices which are connected to the monitoring server via a network. With this monitoring system, the terminal devices obtain radio wave information from radio waves transmitted by an access point and transmit the radio wave information to the monitoring server. The monitoring server detects an unauthorized access point by using terminal information which includes the radio wave information received from the terminal devices, determines a terminal device to be used as a pseudo-access point by using the intensity of the radio wave transmitted by the unauthorized access point, and instructs said terminal device to transmit a radio wave. Said terminal device transmits a radio wave on the basis of the instruction given by the monitoring server.

Description

[Document Name] Description
[Title of Invention] MONITORING SYSTEM, MONITORING SERVER, METHOD, AND PROGRAM FOR MONITORING UNAUTHORIZED ACCESS POINT
[Technical Field]
[0001] The present invention relates to a technology for monitoring an access point and in particular to a monitoring system, monitoring server, method, and program for monitoring an unauthorized access point and blocking wireless communications performed by the unauthorized access point.
[Background Art]
[0002] Recently, tethering using a smart phone or use of a mobile router has allowed easy acquisition of an access point, which is means for installing a wireless base station in a corporate facility or the like. Unauthorized connection of such an access point to a corporate network or the like may cause serious problems such as leakage of confidential information such as personal information. For this reason, there have been proposed technologies for blocking wireless communications performed by an unauthorized access point.
[0003] Patent Literature 1 discloses a method for detecting an unauthorized access point apparatus which is not connected to a wired LAN and preventing the unauthorized access point apparatus from accessing a wireless LAN terminal. In this method, a physically fixed, existing access point apparatus detects an unauthorized access point, generates blocking data at the timing when the unauthorized access point apparatus transmits a beacon frame, and transmits the blocking data to radio space.
[Citation List] [Patent Literature] [0004] Japanese Patent No. 4229148
[Summary of Invention]
[Technical Problem] [0005] However, where multiple access point apparatuses are present on one network, these access point apparatuses are generally installed so as to be physically away from each other. The method disclosed in Patent Literature 1 allows only an existing access point apparatus that has detected an unauthorized access point to transmit data for blocking wireless communications performed by the unauthorized access point. This disadvantageously prevents effective blocking of wireless communications performed by the unauthorized access point.
[0006] The present invention has been made to solve the above-mentioned problem. Accordingly, it is an object of the present invention to provide a monitoring system, monitoring server, method, and program that, when an unauthorized access point is installed, effectively block wireless communications performed by the access point.
[Solution to Problem] [0007] The present invention provides a monitoring system including a monitoring server for monitoring an unauthorized access point and multiple terminals connected to the monitoring server via a network. The terminals acquire radio wave information from radio waves transmitted by an access point and transmit the radio wave information to the monitoring server. The monitoring server detects an unauthorized access point using terminal information including the radio wave information received from the terminals, designates a terminal as a pseudo-access point using intensity of radio waves transmitted by the unauthorized access point, and instructs the terminal to transmit radio waves. The terminal transmits radio waves in accordance with the instruction from the monitoring server.
[0008] According to the present invention, a monitoring server, method, and program can be provided that detect an unauthorized access point using terminal information including radio wave information received from terminals connected to the monitoring server via a network, designate a terminal as a pseudo-access point using intensity of radio waves transmitted by the unauthorized access point, and instruct the terminal as a pseudo-access point to transmit radio waves.
[Advantageous Effects of Invention] [0009] Since the present invention employs the above-mentioned configuration, a terminal adjacent to an access point installed in an unauthorized manner is designated as a pseudo-access point. As a result, wireless communications performed by the unauthorized access point can be blocked effectively.
[Brief Description of Drawings]
[0010] [FIG. 1] FIG. 1 is a drawing showing a monitoring system for monitoring an unauthorized wireless LAN access point according to an embodiment of the present invention.
[FIG. 2] FIG. 2 is a diagram showing respective functional configurations of a monitoring server and a terminal included in the monitoring system shown in FIG. 1.
[FIG. 3] FIG. 3 is a diagram showing an example of the data tables of databases held by the monitoring server and the terminals shown in FIG. 1.
[FIG. 4] FIG. 4 is a flowchart showing an example of a process performed by the terminals according to the embodiment shown in FIG. 1.
[FIG. 5] FIG. 5 is a flowchart showing an example of a process performed by the monitoring server according to the embodiment shown in FIG. 1.
[FIG. 6] FIG. 6 is a flowchart showing an example of the process of step S503 shown in FIG. 5.
[FIG. 7] FIG. 7 is a flowchart showing another example of the process of step S503 shown in FIG. 5.
[FIG. 8] FIG. 8 is a flowchart showing yet another example of the process of step S503 shown in FIG. 5.
[Description of Embodiment]
[0011] The present invention will be described using an embodiment but is not limited thereto. FIG. 1 is a drawing showing a monitoring system for monitoring an unauthorized wireless LAN (local area network) access point according to an embodiment of the present invention. Referring now to FIG. 1, a monitoring system 100 will be described.
[0012] The monitoring system 100 includes a monitoring server 110, hubs 112a and 112b, an access point 114, and terminals 120a, 120b, 120c, and 120d. These apparatuses are connected to a network 130 constructed by a LAN.
[0013] The monitoring server 110 is a server apparatus for monitoring an unauthorized wireless LAN access point. The monitoring server 110 gathers radio wave information from the terminals 120a to 120d via the network 130 and monitors whether an unauthorized wireless LAN access point is installed.
[0014] The monitoring server 110 executes a program according to the present invention written in a programming language such as assembler, C, C++, Java®, JavaScript®, PERL, PHP, RUBY, and PYTHON under the control of an operating system (OS) such as Windows® series, including Windows® 7, Windows Vista®, Windows XP®, and Windows 200X Server®, Mac OS®, UNIX®, and LINUX®.
[0015] The monitoring server 110 includes a RAM for providing execution space for executing the program according to the present invention, a hard disk drive (HDD) for continuously holding programs, data, and the like, and storage devices such as flash memory. It implements functional units according to the present invention (to be discussed later) on itself by executing the program according to the present invention.
The functional units according to the present invention can be implemented by the above-mentioned apparatus-executable program written in a programming language or the like. The program according to the present invention can be transmitted in a format readable by different information processing apparatuses via a network.
[0016] The terminals 120a, 120b, 120c, and 120d are information processing apparatuses having a wireless communications function. The terminals 120a, 120b, 120c, and 120d provide radio wave information to the monitoring server 110 via the network 130, as well as transmit various types of radio waves in accordance with an instruction from the monitoring server 110. In the example shown in FIG. 1, the terminals 120a, 120b, and 120c are connected to the network 130 via the hubs 112a and 112b and communicate with the monitoring server 110 by wire. While the terminals 120a, 120b, 120c, and 120d shown in FIG. 1 are notebook PCs, they may be information processing apparatuses, such as various types of computers, including desk-top PCs and tablet PCs, and mobile information terminals, including smart phones, cellular phones, and PDAs, in other embodiments.
[0017] The terminals 120a, 120b, 120c, and 120d execute a program according to the present invention written in a programming language such as assembler, C, C++, Java®, JavaScript®, PERL, PHP, RUBY, and PYTHON under the control of an OS, such as Windows® series, including Windows® 7, Windows Vista®, Windows XP®, Windows 200X Server®, and Windows Mobile®, Mac OS®, UNIX®, LINUX®, Android®, Google Chrome OS, TRON, and ITRON.
[0018] The terminals 120a, 120b, 120c, and 120d each include a RAM for providing execution space for executing the program according to the present invention, a hard disk drive (HDD) for continuously holding programs, data, and the like, and storage devices such as flash memory. They implement functional units according to the present invention (to be discussed later) on themselves by executing the program according to the present invention. The functions according to the present invention can be performed by the above-mentioned apparatus-executable program written in a programming language or the like. The program according to the present invention can be transmitted in a format readable by other information processing apparatuses via the network.
[0019] The access point 114 is a router apparatus having a wireless communications function, such as a mobile router, and is connected to the network 130. In this embodiment, the access point 114 is an authorized access point, which is authorized to access the monitoring system 100. The terminals 120a, 120b, 120c, and 120d communicate with each other wirelessly via the access point 114.
[0020] The monitoring system 100 shown in FIG. 1 also includes an access point 140. The access point 140 is an unauthorized access point, which is not authorized to access the monitoring system 100, but is connected to the network via the hub 112b.
[0021] FIG. 2 is a diagram showing the respective function configurations of the monitoring server 110 and the terminal 120a included in the monitoring system 100 shown in FIG. 1.
Referring now to FIG. 2, the function configurations of the monitoring server 110 and the terminal 120a will be described. Note that the function configurations of the terminals 120b, 120c, and 120d are the same as that of the terminal 120a and therefore will not be described.
[0022] The monitoring server 110 includes an access point monitoring unit 200, a terminal information database 212, an address range information database 214, an authorized access point information database 216, and a pseudo-access point information database 218.
[0023] The access point monitoring unit 200 is function means for monitoring an unauthorized access point. It includes a terminal information registration unit 202, an unauthorized access point detection unit 204, a pseudo-access point designation unit 206, a radio wave transmission instruction unit 208, and a pseudo-access point information update unit 210.
[0024] The terminal information registration unit 202 is function means for registering terminal information, including radio wave information received from the terminals 120a, 120b, 120c, and 120d in the terminal information database 212. Upon receipt of radio wave information from these terminals via the network 130, the terminal information registration unit 202 derives terminal information including the radio wave information and registers the terminal information in the terminal information database 212. The terminal information database 212 will be described in detail with reference to FIG. 3 later.
[0025] The unauthorized access point detection unit 204 is function means for detecting an unauthorized access point.
The unauthorized access point detection unit 204 uses authorized access point information registered in the authorized access point information database 216 and terminal information registered in the terminal information database 212 to detect whether there is an unauthorized access point. The authorized access point information database 216 will be described in detail with reference to FIG. 3 later.
[0026] The pseudo-access point designation unit 206 is function means for designating a terminal as a pseudo-access point for blocking wireless communications performed by an unauthorized access point (hereafter referred to as "pseudo-access point"). The pseudo-access point designation unit 206 refers to the terminal information database 212 to determine a terminal which is suitable for blocking wireless communications performed by an unauthorized access point and which is adjacent to the unauthorized access point, and designates the terminal as a pseudo-access point.
[0027] The pseudo-access point designation unit 206 refers to the terminal information database 212 and notifies the administrator of the monitoring system 100 of information (terminal name, MAC address, position information, etc.) for identifying the terminal designated as a pseudo-access point, for example, by displaying the information on the display apparatus of the monitoring server 110. Alternatively, the pseudo-access point designation unit 206 may notify the administrator by transmitting the information to a previously specified email address.
[0028] The radio wave transmission instruction unit 208 is function means for transmitting a radio wave transmission instruction to the terminal designated by the pseudo-access point designation unit 206. The radio wave transmission instruction unit 208 transmits the radio wave transmission instruction to the terminal designated as a pseudo-access point in order to cause the terminal to transmit radio waves.
[0029] The pseudo-access point information update unit 210 is function means for registering, in the pseudo-access point information database 218, information for identifying the terminal which is designated as a pseudo-access point and to which the radio wave transmission instruction unit 208 has transmitted the radio wave transmission instruction as well as pseudo-access point information including information on the position of the terminal. The pseudo-access point information database 218 will be described in detail with reference to FIG. 3 later.
[0030] The terminal 120a includes a software agent 220, a wireless LAN adapter control unit 228, a wireless LAN adapter 230, and a radio wave information database 232.
[0031] The software agent 220 is a program that is installable to the terminal 120a, and includes a radio wave information acquisition unit 222, a radio wave information transmission unit 224, and a radio wave transmission unit 226. The software agent 220 may be implemented as a program that always starts up when the terminal 120a starts up, or may be implemented as a program that starts up in accordance with a startup instruction from the user.
[0032] The radio wave information acquisition unit 222 is function means for acquiring radio wave information detected by the wireless LAN adapter control unit 228. The radio wave information acquisition unit 222 periodically acquires radio wave information from the wireless LAN adapter 230 via the wireless LAN adapter control unit 228 and registers the radio wave information in the radio wave information database 232. The radio wave information database 232 will be described in detail with reference to FIG. 3 later.
[0033] The radio wave information transmission unit 224 is function means for transmitting radio wave information to the monitoring server 110. The radio wave information transmission unit 224 periodically acquires radio wave information from the radio wave information database 232 and transmits the radio wave information to the monitoring server 110.
[0034] The radio wave transmission unit 226 is function means for causing the wireless LAN adapter 230 to transmit radio waves for blocking wireless communications performed by an unauthorized access point. Upon receipt of a radio wave transmission instruction from the monitoring server 110, the radio wave transmission unit 226 refers to radio wave information registered in the radio wave information database 232, determines radio waves suitable for blocking wireless communications performed by an unauthorized access point, and causes the wireless LAN adapter 230 to transmit the radio waves via the wireless LAN adapter control unit 228. The radio wave transmission unit 226 also transmits radio waves including information for identifying the terminals 120a, 120b, 120c, and 120d and protocol information. The radio wave transmission unit 226 periodically refers to the radio wave information database 232 and causes the wireless LAN adapter 230 to transmit radio waves until radio wave information from the unauthorized access point disappears.
[0035] For example, when an unauthorized access point is using IEEE 802.11b/g as a wireless LAN communication protocol, the radio wave transmission unit 226 can refer to radio wave information registered in the radio wave information database 232, identify a channel being used by the access point, and cause the wireless LAN adapter 230 to transmit radio waves in the same frequency band as that allocated to the channel.
[0036] When a channel being used by an unauthorized access point changes with time, the radio wave transmission unit 226 can refer to radio wave information registered in the radio wave information database 232, identify the changed channel being used by the unauthorized access point, and cause the wireless LAN adapter 230 to transmit radio waves at the same frequency band as that allocated to the changed channel.
[0037] Further, the radio wave transmission unit 226 can refer to radio wave information registered in the radio wave information database 232, identify a channel being used by an unauthorized access point, and cause the wireless LAN adapter 230 to transmit radio waves in the same frequency band as that allocated to all channels of IEEE 802.11b/g, including the channel.
[0038] In another embodiment, the radio wave transmission unit 226 may block wireless communications performed by an unauthorized access point, by making a DoS (denial of service) attack against the unauthorized access point, for example, by continuously transmitting access requests to the unauthorized access point.
[0039] Where a packet transmitted by an unauthorized access point is encrypted, the radio wave transmission unit 226 may block wireless communications performed by the access point, by decrypting the packet and transmitting a pseudo-packet to the unauthorized access point. In this case, the radio wave transmission unit 226 may store information on the decrypted packet in the form of a log, journal, or the like.
[0040] The wireless LAN adapter control unit 228 is function means for controlling the wireless LAN adapter 230. The wireless LAN adapter control unit 228 controls the wireless LAN adapter 230 in accordance with an instruction from the higher-order program, the software agent 220. The wireless LAN adapter control unit 228 also provides information on radio waves detected by the wireless LAN adapter 230 in accordance with an instruction from the software agent 220.
[0041] The wireless LAN adapter 230 is an apparatus that includes an antenna capable of transmitting and receiving radio waves and that performs wireless LAN communications.
The wireless LAN adapter 230 detects radio waves transmitted by a surrounding access point, A/D converts the radio waves, and transmits the resulting radio waves to the wireless LAN adapter control unit 228. The wireless LAN adapter 230 also transmits radio waves in a specified frequency band or transmits a specific packet under the control of the wireless LAN adapter control unit 228.
[0042] FIG. 3 is a diagram showing an example of the data tables of databases held by the monitoring server 110 and the terminals 120a, 120b, 120c, and 120d. Referring now to FIG. 3, these data tables will be described.
[0043] An IP address range information table 310 is the data table of the address range information database 214 held by the monitoring server 110. An IP address range 312 and position information 314 are registered in the IP address range information table 310 in an associated manner. These pieces of information are previously set by the administrator of the monitoring system 100.
[0044] The IP address range 312 is the range of IP addresses allocated to the terminals 120a, 120b, 120c, and 120d. In this embodiment, when the user connects the terminals 120a, 120b, 120c, and 120d to the network 130, a DHCP (dynamic host configuration protocol) server included in the monitoring system 100 automatically allocates IP addresses in the IP address range 312 to these terminals.
[0045] In another embodiment, when the user connects the terminals 120a, 120b, 120c, and 120d to the network 130, the user may manually specify IP addresses in the IP address range 312.
[0046] The position information 314 is information indicating the positions where the terminals 120a, 120b, 120c, and 120d having the allocated IP addresses are connected to the network 130. The position information 314 can be set to each of IP address ranges shown by the IP address range 312.
[0047] In an example shown in FIG. 3, "192.168.1.0/24" and "192.168.2.0/24" are registered as examples of the IP address range, and "Tokyo/bldg.1/16F/east" and "Tokyo/bldg.1/16F/west" are registered with respect to these IP address ranges in an associated manner. That is, the IP address range information table 310 shows that a terminal to which an IP address in the IP address range "192.168.1.0/24" is allocated is present in "Tokyo/bldg.1/16F/east" and that a terminal to which an IP address in the IP address range "192.168.2.0/24" is allocated is present in "Tokyo/bldg.1/16F/west".
[0048] The authorized access point information table 320 is the data table of the authorized access point information database 216 held by the monitoring server 110. Terminal name and terminal identification information 322 and pseudo-access point identification information 324 are registered in the authorized access point information table 320 in an associated manner. These pieces of information are previously set by the administrator of the monitoring system 100.
[0049] The terminal name and terminal identification information 322 are the name of a terminal that can be designated as a pseudo-access point and information for identifying the terminal. A terminal name is any name that can be set by the administrator. Terminal identification information is information by which a terminal can be uniquely identified. In this embodiment, an ID number unique to an Ethernet® card used by a terminal, a MAC (media access control) address, is used as terminal identification information.
[0050] The pseudo-access point identification information 324 is information for identifying a pseudo-access point in the monitoring system 100. Where the terminals 120a, 120b, 120c, and 120d are designated as pseudo-access points, the pseudo-access point identification information 324 is information for identifying the terminals 120a, 120b, 120c, and 120d serving as pseudo-access points. In this embodiment, an SSID (service set identifier), for which any alphanumeric characters can be set, is used as information for identifying a pseudo-access point.
[0051] A radio wave information table 330 is the data table of the radio wave information database 232 held by the terminals 120a, 120b, 120c, and 120d. Terminal identification information 332, radio intensity 334 derived from radio waves detected by the terminals 120a, 120b, 120c, and 120d, and protocol information 336 are registered in the radio wave information table 330 in an associated manner.
[0052] The terminal identification information 332 is terminal identification information derived from radio waves transmitted by the authorized access point 114 such as a router apparatus having a wireless communications function, the terminals 120a, 120b, 120c, and 120d, and the unauthorized access point 140. In this embodiment, the MAC addresses of these access points are used as terminal identification information 332.
[0053] The radio intensity 334 is the intensity of radio waves transmitted by an access point and represents the degree of actual radio intensity relative to the maximum radio intensity that the terminals 120a, 120b, 120c, and 120d can detect. While radio intensity is represented by a percentage in this embodiment, it may be represented by other numeric values (e.g., 0 ≤ radio intensity ≤ 1, etc.) in other embodiments.
[0054] The protocol information 336 is information on a communication protocol used by an access point. The protocol information 336 includes information for identifying an access point and information indicating the type of a communication protocol used by the access point.
An example shown in FIG. 3 shows that an SSID is used as information for identifying an access point and that an access point to which "LBM3" is set as an SSID is using a channel "1" of the communication protocol "IEEE 802.11g." This example also shows that an access point to which "BAD" is set as an SSID is using the channel "6" of the communication protocol "IEEE 802.11g."
[0055] A terminal information table 340 is the data table of the terminal information database 212 held by the monitoring server 110. The monitoring server 110 derives terminal information by referring to the address range information database 214 and the authorized access point information database 216 and using radio wave information received from the terminals 120a, 120b, 120c, and 120d. Such terminal information is registered in the terminal information table 340. Terminal name and the terminal identification information 342, position information 344, radio wave information 346, and radio wave information measurement time 348 are registered in the terminal information table 340 in an associated manner.
[0056] The terminal name and terminal identification information 342 are the name of a terminal that has transmitted radio wave information, and information for identifying the terminal. The information for identifying the terminal is added to the radio wave information as metadata. The terminal name is a terminal name corresponding to the information for identifying the terminal, and the monitoring server 110 determines it by referring to the authorized access point information database 216.
[0057] The position information 344 is information indicating the position where the terminal indicated by the terminal name and the terminal identification information 342 is connected to the network 130. The monitoring server 110 determines the position information 344 by referring to the address range information database 214 and using the IP address of the terminal, which is the metadata of the radio wave information.
[0058] The radio wave information 346 is radio wave information transmitted by a terminal indicated by the terminal name and terminal identification information 342.
Terminal identification information of an access point which has transmitted radio waves detected by the terminal that has transmitted the radio wave information, radio intensity, and protocol information are registered in the radio wave information 346. The radio wave information measurement time 348 is the time when the monitoring server 110 receives the radio wave information.
[0059] The pseudo-access point information table 350 is the data table of the pseudo-access point information database 218 held by the monitoring server 110. Terminal name and terminal identification information 352 of a terminal designated as a pseudo-access point, and position information 354 of the terminal are registered in the pseudo-access point information table 350 in an associated manner.
[0060] FIG. 4 is a flowchart showing an example of a process performed by the terminal according to the embodiment shown in FIG. 1. Referring now to FIG. 4, a process performed by the terminal 120a will be described.
[0061] The process of FIG. 4 starts from step S400. In step S401, the radio wave information acquisition unit 222 of the software agent 220 of the terminal 120a determines whether it has detected radio waves from an adjacent access point.
If it has not detected radio waves (NO), it repeats the process of step S401. In contrast, if it has detected radio waves (YES), it proceeds to step S402.
[0062] In step S402, the radio wave information acquisition unit 222 stores radio wave information included in the detected radio waves in the radio wave information database 232. In step S403, the radio wave information transmission unit 224 transmits the radio wave information stored in the radio wave information database 232 to the monitoring server 110.
[0063] In step S404, the software agent 220 determines whether standby time has elapsed. If the standby time has not elapsed (NO), it repeats the process of step S404. In contrast, if the standby time has elapsed (YES), it returns to step S401 and performs the above-mentioned process again.
In this embodiment, any time can be set as the standby time.
[0064] FIG. 5 is a flowchart showing an example of a process performed by the monitoring server according to the embodiment shown in FIG. 1. Referring now to FIG. 5, the process performed by the monitoring server 110 will be described.
[0065] The process of FIG. 5 starts from step S500 where the monitoring server 110 receives radio wave information from the terminals 120a, 120b, 120c, and 120d. In step S501, the terminal information registration unit 202 of the access point monitoring unit 200 refers to the address range information database 214 and the authorized access point information database 216, derives terminal information using the received radio wave information and metadata thereof, and registers the terminal information in the terminal information database 212.
[0066] In step S502, the unauthorized access point detection unit 204 refers to the terminal information database 212 and the authorized access point information database 216 and determines whether radio wave information registered in the terminal information database 212 includes information for identifying an unauthorized access point. Thus, it determines whether there is an unauthorized access point.
If there is no unauthorized access point (NO), the process proceeds to step S505 and ends. In contrast, if there is an unauthorized access point (YES), the process proceeds to step S503.
[0067] In step S503, the pseudo-access point designation unit 206 designates a terminal as a pseudo-access point. In step S504, the radio wave transmission instruction unit 208 transmits a radio wave transmission instruction to the terminal designated as a pseudo-access point in step S503.
The process ends in step S505.
[0068] FIG. 6 is a flowchart showing an example of the process of step S503 shown in FIG. 5.
[0069] The process shown in FIG. 6 starts from step S600. In step S601, the pseudo-access point designation unit 206 refers to the terminal information database 212 and sorts terminal information in the descending order of the radio intensity of an unauthorized access point. In step S602, the pseudo-access point designation unit 206 designates, as a pseudo-access point, a terminal that has received radio waves having intensity not less than predetermined radio intensity from the unauthorized access point. The process then ends in step S603. In this embodiment, any level of radio intensity which is suitable for blocking wireless communications performed by an unauthorized access point can be set as predetermined radio intensity.
[0070] FIG. 7 is a flowchart showing another example of the process of step S503 shown in FIG. 5.
[0071] The process shown in FIG. 7 starts from step S700. In step S701, the pseudo-access point designation unit 206 refers to the terminal information database 212 and sorts terminal information in the descending order of the radio intensity of an unauthorized access point. In step S702, the pseudo-access point designation unit 206 designates, as a pseudo-access point, a terminal that has received radio waves having the highest intensity from the unauthorized access point. The process then ends in step S703.
[0072] FIG. 8 is a flowchart showing yet another example of the process of step S503 shown in FIG. 5. In this example, the monitoring server 110 includes a traffic monitoring unit for monitoring traffic on the network 130 and acquires traffic information including the amounts of traffic generated by the terminals 120a, 120b, 120c, and 120d and information for identifying the terminals.
[0073] The process shown in FIG. 8 starts from step S800. In step S801, the pseudo-access point designation unit 206 refers to the terminal information database 212 and sorts terminal information in the descending order of the radio intensity of an unauthorized access point. In step S802, the traffic monitoring unit monitors traffic on the network and acquires traffic information. In step S803, the pseudo-access point designation unit 206 designates, as a pseudo-access point, a terminal that has received radio waves having intensity not less than predetermined radio intensity from the unauthorized access point and that has not generated traffic on the network.
The process then ends in step S804. In this embodiment, any level of radio intensity which is suitable for blocking wireless communications performed by an unauthorized access point can be set as predetermined radio intensity.
[0074] In this example, a terminal which has not generated traffic on the network 130 is selectively designated as a pseudo-access point. Thus, a terminal which is not connected to the network by wire but is performing wireless LAN communications is prevented from being designated as a pseudo-access point. As a result, without blocking wireless communications performed by that terminal, those performed by an unauthorized access point can be blocked.
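The detection step S502 and the three designation variants of FIGS. 6 to 8 can be compared side by side in the following added example, which is not code from the patent. The record layout, function names, terminal names, intensity values and traffic figures are assumptions constructed for illustration; only the SSIDs "LBM3" and "BAD" come from the FIG. 3 example.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Observation:
    """One radio wave report in the terminal information table (assumed layout)."""
    terminal: str   # name of the reporting terminal
    ap_id: str      # identifier of the access point that was heard (SSID here)
    intensity: int  # radio intensity in percent

# Stands in for the authorized access point information database 216.
AUTHORIZED_APS = {"LBM3"}

# Constructed sample reports; PC-B reports the same access point twice.
TERMINAL_INFO = [
    Observation("PC-A", "LBM3", 80),
    Observation("PC-A", "BAD", 90),
    Observation("PC-B", "BAD", 60),
    Observation("PC-B", "BAD", 75),
    Observation("PC-C", "BAD", 40),
    Observation("PC-D", "LBM3", 60),
]

def detect_unauthorized(rows, authorized):
    """Step S502: identifiers that terminals reported but that are not authorized."""
    return sorted({r.ap_id for r in rows} - set(authorized))

def ranked_terminals(rows, ap_id):
    """Steps S601/S701/S801: terminals that heard ap_id, strongest first.
    Assumption: a terminal with several reports counts with its strongest one."""
    best = {}
    for r in rows:
        if r.ap_id == ap_id and r.intensity > best.get(r.terminal, -1):
            best[r.terminal] = r.intensity
    return sorted(best.items(), key=lambda kv: (-kv[1], kv[0]))

def designate_threshold(rows, ap_id, threshold):
    """FIG. 6 (S602): every terminal at or above the predetermined intensity."""
    return [t for t, level in ranked_terminals(rows, ap_id) if level >= threshold]

def designate_strongest(rows, ap_id):
    """FIG. 7 (S702): only the terminal with the highest intensity, if any."""
    ranked = ranked_terminals(rows, ap_id)
    return [ranked[0][0]] if ranked else []

def designate_idle(rows, ap_id, threshold, traffic_bytes):
    """FIG. 8 (S803): at or above the threshold and no traffic on the network.
    Assumption: a terminal absent from traffic_bytes has generated no traffic."""
    return [t for t in designate_threshold(rows, ap_id, threshold)
            if traffic_bytes.get(t, 0) == 0]

if __name__ == "__main__":
    traffic = {"PC-A": 5120, "PC-B": 0}  # constructed traffic information
    for ap in detect_unauthorized(TERMINAL_INFO, AUTHORIZED_APS):
        print(ap, "threshold:", designate_threshold(TERMINAL_INFO, ap, 70))
        print(ap, "strongest:", designate_strongest(TERMINAL_INFO, ap))
        print(ap, "idle:", designate_idle(TERMINAL_INFO, ap, 70, traffic))
```

With these sample reports the threshold variant selects two terminals, the strongest-signal variant one, and the traffic-aware variant excludes the terminal that is carrying traffic.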
[0075] While the embodiment has been described, the present invention is not limited thereto. Changes, including a change to or deletion of any function means of the embodiment and addition of another function means, can be made thereto without departing from the scope conceivable for those skilled in the art. Any embodiment will fall within the scope of the present invention as long as the embodiment has functions and advantages of the invention.
[Reference Signs List]
[0076]
100: monitoring system
110: monitoring server
112a, 112b: hub
114: access point
120a, 120b, 120c, 120d: terminal
130: network
140: access point

Claims (14)

  1. A monitoring system comprising: a monitoring server that monitors an unauthorized access point; and a plurality of terminals connected to the monitoring server via a network, wherein each of the terminals comprises: a radio wave information acquisition unit that acquires radio wave information from radio waves transmitted by an access point; a radio wave information transmission unit that transmits the radio wave information to the monitoring server; and a radio wave transmission unit that transmits radio waves in accordance with an instruction from the monitoring server, and wherein the monitoring server comprises: a terminal information registration unit that registers terminal information in a database, the terminal information including the radio wave information received from the terminals; an unauthorized access point detection unit that detects an unauthorized access point using the terminal information; a pseudo-access point designation unit that designates a terminal as a pseudo-access point using intensity of radio waves transmitted by the unauthorized access point; and a radio wave transmission instruction unit that instructs the terminal designated as a pseudo-access point to transmit radio waves.
  2. The monitoring system according to Claim 1, wherein the pseudo-access point designation unit designates, as a pseudo-access point, a terminal that has received radio waves having intensity not less than predetermined intensity from the unauthorized access point.
  3. The monitoring system according to Claim 1, wherein the pseudo-access point designation unit designates, as a pseudo-access point, a terminal that has received radio waves having the highest intensity from the unauthorized access point.
  4. The monitoring system according to Claim 1, wherein the monitoring server further comprises a traffic monitoring unit that monitors traffic on the network, wherein the pseudo-access point designation unit designates, as a pseudo-access point, a terminal that has received radio waves having intensity not less than predetermined intensity from the unauthorized access point and that has not generated traffic on the network.
  5. A monitoring server for monitoring an unauthorized access point, comprising: a terminal information registration unit that registers terminal information in a database, the terminal information including radio wave information received from a plurality of terminals, the terminals being connected to the monitoring server via a network; an unauthorized access point detection unit that detects an unauthorized access point using the terminal information; a pseudo-access point designation unit that designates a terminal as a pseudo-access point using intensity of radio waves transmitted by the unauthorized access point; and a radio wave transmission instruction unit that instructs the terminal designated as a pseudo-access point to transmit radio waves.
  6. The monitoring server according to Claim 5, wherein the pseudo-access point designation unit designates, as a pseudo-access point, a terminal that has received radio waves having intensity not less than predetermined intensity from the unauthorized access point.
  7. The monitoring server according to Claim 5, wherein the pseudo-access point designation unit designates, as a pseudo-access point, a terminal that has received radio waves having the highest intensity from the unauthorized access point.
  8. The monitoring server according to Claim 5, further comprising a traffic monitoring unit that monitors traffic on the network, wherein the pseudo-access point designation unit designates, as a pseudo-access point, a terminal that has received radio waves having intensity not less than predetermined intensity from the unauthorized access point and that has not generated traffic on the network.
  9. A method performed by a monitoring server for monitoring an unauthorized access point, the method comprising the steps of: registering terminal information in a database, the terminal information including radio wave information received from a plurality of terminals, the terminals being connected to the monitoring server via a network; detecting an unauthorized access point using the terminal information; designating a terminal as a pseudo-access point using intensity of radio waves transmitted by the unauthorized access point; and instructing the terminal designated as a pseudo-access point to transmit radio waves.
  10. The method according to Claim 9, wherein the step of designating a terminal as a pseudo-access point comprises the step of designating a terminal, as a pseudo-access point, a terminal that has received radio waves having intensity not less than predetermined intensity from the unauthorized access point.
  11. The method according to Claim 9, wherein the step of designating a terminal as a pseudo-access point comprises the step of designating, as a pseudo-access point, a terminal that has received radio waves having the highest intensity from the unauthorized access point.
  12. The method according to Claim 9, further comprising the step of monitoring traffic on the network, wherein the step of designating a terminal as a pseudo-access point comprises the step of designating, as a pseudo-access point, a terminal that has received radio waves having intensity not less than predetermined intensity from the unauthorized access point and that has not generated traffic on the network.
  13. An apparatus-executable program for causing a monitoring server for monitoring an unauthorized access point to perform a method comprising the steps of: registering terminal information in a database, the terminal information including radio wave information received from a plurality of terminals, the terminals being connected to the monitoring server via a network; detecting an unauthorized access point using the terminal information; designating a terminal as a pseudo-access point using intensity of radio waves transmitted by the unauthorized access point; and instructing the terminal designated as a pseudo-access point to transmit radio waves.
  14. A monitoring server for monitoring an unauthorized access point, comprising: a terminal information registration unit that registers terminal information in a database, the terminal information including radio wave information received from a terminal; an unauthorized access point detection unit that detects an unauthorized access point using the terminal information; a pseudo-access point designation unit that designates a terminal as a pseudo-access point using intensity of radio waves transmitted by the unauthorized access point; a radio wave transmission instruction unit that instructs the terminal designated as a pseudo-access point to transmit radio waves; and a traffic monitoring unit that monitors traffic on a network, wherein the pseudo-access point designation unit designates, as a pseudo-access point, a terminal that has received radio waves having intensity not less than predetermined intensity from the unauthorized access point, designates, as a pseudo-access point, a terminal that has received radio waves having the highest intensity from the unauthorized access point, or designates, as a pseudo-access point, a terminal that has received radio waves having intensity not less than predetermined intensity from the unauthorized access point and that has not generated traffic on the network.
GB1406704.5A 2011-09-30 2012-07-06 Monitoring system, monitoring server, method, and program for monitoring unauthorised access point Active GB2509454B (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
JP2011215996 2011-09-30
PCT/JP2012/067300 WO2013046849A1 (en) 2011-09-30 2012-07-06 Monitoring system for monitoring unauthorized access points, monitoring server, method and program

Publications (3)

Publication Number Publication Date
GB201406704D0 GB201406704D0 (en) 2014-05-28
GB2509454A GB2509454A (en) 2014-07-02
GB2509454B GB2509454B (en) 2014-09-10

Family

ID=47994907

Family Applications (1)

Application Number Title Priority Date Filing Date
GB1406704.5A Active GB2509454B (en) 2011-09-30 2012-07-06 Monitoring system, monitoring server, method, and program for monitoring unauthorised access point

Country Status (6)

Country Link
US (2) US9374711B2 (en)
JP (1) JP5576568B2 (en)
CN (1) CN103843380B (en)
DE (1) DE112012003770B4 (en)
GB (1) GB2509454B (en)
WO (1) WO2013046849A1 (en)

Families Citing this family (12)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
DE112012003770B4 (en) 2011-09-30 2023-11-09 International Business Machines Corporation Monitoring system, monitoring server, method and program for monitoring an unauthorized access point
US9237028B1 (en) * 2012-08-14 2016-01-12 Sprint Spectrum L.P. Method and apparatus for generating a tethering alert based on a threshold similarity between incoming data and outgoing data
US10531545B2 (en) 2014-08-11 2020-01-07 RAB Lighting Inc. Commissioning a configurable user control device for a lighting control system
US10085328B2 (en) 2014-08-11 2018-09-25 RAB Lighting Inc. Wireless lighting control systems and methods
US10039174B2 (en) 2014-08-11 2018-07-31 RAB Lighting Inc. Systems and methods for acknowledging broadcast messages in a wireless lighting control network
CN104349325B (en) * 2014-11-07 2018-09-28 工业和信息化部通信计量中心 Method and device for monitoring pseudo- wireless access point AP
US20180042046A1 (en) * 2015-03-05 2018-02-08 Huawei Technologies Co., Ltd. Pseudo access method, direct connection scheduling method for pseudo access, station, and access point
US10057022B2 (en) * 2015-09-28 2018-08-21 Yazaki Corporation Method for controlling access to an in-vehicle wireless network
CN107404723B (en) * 2016-05-20 2020-08-21 北京小米移动软件有限公司 Method and device for accessing base station
CN106412915A (en) * 2016-10-31 2017-02-15 宇龙计算机通信科技(深圳)有限公司 Pseudo-wireless access point identification method and system
US10123165B1 (en) * 2017-09-19 2018-11-06 International Business Machines Corporation Eliminating false positives of neighboring zones
WO2023157141A1 (en) * 2022-02-16 2023-08-24 日本電気株式会社 Radiowave information output device, radiowave information output method, radiowave information output system, and recording medium

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JP2006279438A (en) * 2005-03-29 2006-10-12 Saxa Inc Illegal access detecting method and device
JP2009022028A (en) * 2008-08-26 2009-01-29 Oki Electric Ind Co Ltd Detection method and control method of access point device, access point detection device, access point device, and wireless lan system
JP2011097437A (en) * 2009-10-30 2011-05-12 Toshiba Corp Communication system, mobile terminal of the system, and center of the system

Family Cites Families (18)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JP3792154B2 (en) 2001-12-26 2006-07-05 インターナショナル・ビジネス・マシーンズ・コーポレーション Network security system, computer apparatus, access point recognition processing method, access point check method, program, and storage medium
EP1593284B1 (en) 2003-02-13 2012-04-11 Ekahau OY Location applications for wireless networks
US7453840B1 (en) 2003-06-30 2008-11-18 Cisco Systems, Inc. Containment of rogue systems in wireless network environments
JP3951986B2 (en) * 2003-08-27 2007-08-01 ブラザー工業株式会社 Wireless station
US7002943B2 (en) 2003-12-08 2006-02-21 Airtight Networks, Inc. Method and system for monitoring a selected region of an airspace associated with local area networks of computing devices
KR20060132701A (en) * 2004-02-19 2006-12-21 닛본 덴끼 가부시끼가이샤 Unauthorized wireless station detecting system, apparatus used therein, and method therefor
US7370362B2 (en) * 2005-03-03 2008-05-06 Cisco Technology, Inc. Method and apparatus for locating rogue access point switch ports in a wireless network
JP4733488B2 (en) 2005-09-26 2011-07-27 マイクロソフト コーポレーション A method for cooperatively finding disconnected clients and rogue access points in a wireless network
US7716740B2 (en) * 2005-10-05 2010-05-11 Alcatel Lucent Rogue access point detection in wireless networks
JP2007174287A (en) 2005-12-22 2007-07-05 Nec Corp Radio packet communication system, radio packet base station, radio packet terminal and illegal communication canceling method
US7971251B2 (en) 2006-03-17 2011-06-28 Airdefense, Inc. Systems and methods for wireless security using distributed collaboration of wireless clients
JP4229148B2 (en) 2006-07-03 2009-02-25 沖電気工業株式会社 Unauthorized access point connection blocking method, access point device, and wireless LAN system
US8782745B2 (en) * 2006-08-25 2014-07-15 Qwest Communications International Inc. Detection of unauthorized wireless access points
JP4717898B2 (en) 2008-01-24 2011-07-06 株式会社エヌ・ティ・ティ・ドコモ Radio base station apparatus and radio base station apparatus network incorporation method
JP4862868B2 (en) 2008-08-26 2012-01-25 沖電気工業株式会社 Access point device control method, access point device, and wireless LAN system
JP2010263310A (en) 2009-04-30 2010-11-18 Lac Co Ltd Wireless communication device, wireless communication monitoring system, wireless communication method, and program
CN102158869B (en) * 2011-03-07 2015-08-05 电信科学技术研究院 The processing method that in a kind of equipment, mutual interference is coordinated and equipment
DE112012003770B4 (en) 2011-09-30 2023-11-09 International Business Machines Corporation Monitoring system, monitoring server, method and program for monitoring an unauthorized access point

Also Published As

Publication number Publication date
JPWO2013046849A1 (en) 2015-03-26
WO2013046849A1 (en) 2013-04-04
DE112012003770B4 (en) 2023-11-09
US9674708B2 (en) 2017-06-06
CN103843380B (en) 2018-03-09
US20140304783A1 (en) 2014-10-09
GB201406704D0 (en) 2014-05-28
DE112012003770T5 (en) 2014-06-18
US9374711B2 (en) 2016-06-21
GB2509454B (en) 2014-09-10
US20160302073A1 (en) 2016-10-13
JP5576568B2 (en) 2014-08-20
CN103843380A (en) 2014-06-04

Legal Events

Date Code Title Description
746 Register noted 'licences of right' (sect. 46/1977)

Effective date: 20141009